Computing devices such as smartphones, netbooks, gaming devices, PDAs, desktop computers, televisions, and laptop computers are now ubiquitous. A common use for these types of devices is browsing webpages utilizing the Internet. Existing versions of hypertext markup language (e.g., HTML5) provide a rich set of application programming interfaces (APIs) to access a user's private and sensitive information easily, and in many instances, the responsibility for security is shifted to the users.
In addition, uniquely identifiable user information and browsing behaviors are increasingly being tracked by a collection of methods known as “ever-cookies,” and these methods use several Web-standard APIs to store persistent information that is accessible across websites. Currently there is no effective solution to protect users from tracking using ever-cookies.
Moreover, ad-publishing platforms are increasingly using browser fingerprinting techniques to uniquely identify users with low bits of entropy, and modern browsers do little, if anything, to prevent fingerprinting currently.
Adblock and other similar add-ons provide very limited protection from trackers and malicious web contents by using crowd-sourced curated lists. But malicious websites can circumvent these measures easily.
Although process based sandbox architectures in web browsers may take advantage of protected memory and restricted permissions given to the render process by the underlying operating system, they still allow websites to access sensitive information via standard HTML APIs.
Private and incognito browsing options provide some protection against information theft, but the user must opt-in, and the private browsing applies to the entire tab/window. Even private browsing is susceptible to fingerprinting and phishing attacks.
Chrome safe-browsing, XSS auditor, third-party cookie blocking, first-party origin policy, and other currently available security measures provide very limited protection from malicious content. Moreover, some of these measures rely on user intervention.
Legitimate websites may have compromised third-party contents that the websites have no control whatsoever. These legitimate sites can gain user's trust easily, but can compromise their privacy and security unknowingly.